Blog & Tools

Healthcare industry has a big job and a big target on its back

nurse in hospital reviewing information on a tablet

Healthcare facilities are especially tempting targets for big-time hackers. That’s not surprising, considering the important services the industry provides and the detailed files it has on patients and employees.

COVID-19 has played into the hands of the bad guys, in a way, by creating more patients. The pandemic also has given hackers an influx of home-based work stations to attack – targets that might not be as secure as employees’ regular offices.

Ransomware is often the weapon of choice when healthcare facilities are attacked. Ransomware is malicious software that can encrypt targeted files and lock up victims’ networks. To free up the information, hackers typically demand payment in an anonymous cyber currency, such as bitcoin.

Pennsylvania-based Universal Health Services, which operates more than 400 facilities in the United States and beyond, appears to be one of the most recent victims of an attack on a healthcare institution. It was attacked on Sept. 27.

Universal Health says patient care continued and there was no evidence that hackers accessed patient or employee data. Clearly, however, they threatened and, to some degree, disrupted operations.

Such attacks highlight the importance of securing internet-connected devices used in hospitals, clinics and other healthcare facilities.

Ransomware: How it works

The importance of securing healthcare devices is the theme of the third week of National Cybersecurity Awareness Month. The special month is being observed throughout October, with a different focus each week. The U.S. Department of Homeland Security and the National Cyber Security Alliance created the special month in 2004 to promote computer-related security.

As a leading, regional provider of broadband connectivity and related services for businesses and institutions, including healthcare facilities, SDN Communications is an enthusiastic supporter and local champion of the public-awareness effort.

SDN Communications Expert Spotlight

Jake VanDewater

Vice President of Engineering, Operations & IT

Jake VanDewater, vice president of engineering, operations and IT at SDN, recently noted hackers are shifting their ransomware tactics. Companies that fell victim to ransomware used to fear that important electronic information could be locked up and lost forever. So, they got better at backing up important information, reducing the likelihood they’d need to pay a ransom.

Now, instead of locking up the data, hackers are threatening to release stolen files to the public. Companies then have to decide whether to pay up to prevent sensitive information from being released to competitors or customers.

The FBI encourages businesses to not pay the ransom because it encourages crime. However, data indicates that more than half of successfully attacked businesses pay up, sometimes with no firm guarantee their data will be released.

“Fifty-five percent of businesses are paying that ransom because maybe they don’t have a good backup or perhaps that information is just sensitive and they don’t want to risk having it released to the public,” VanDewater said.

The key is for businesses to avoid getting infected in the first place. VanDewater offered three general suggestions to help companies avoid introducing ransomware and other malware into their computer networks:

  1. Train employees to be careful with email. Be wary of requests for information, for example, and don’t click on suspicious links in messages. Double-check the identity of any sender whose message appears suspicious.
  2. Be wary when visiting websites. Some websites are double as traps for hackers to stash malware to unleash it on unsuspecting visitors.
  3. Exercise care in downloading and using apps, especially free ones. Only download applications from vetted, trusted sources.

Hackers might use the phone, regular mail or even visit in person and make a seemingly legitimate request for information. Always be careful when releasing information regarding any aspect of internal, company operations. Check with a supervisor or get the opinion of an experienced, trusted colleague.

Be safe. Not sorry.

Healthcare institutions have a big enough job to do without having to deal with computer infections.

SDN is a leader in providing business internet, private networking and cloud connectivity to businesses and organizations in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.